What you need to know about GDPR and the recruitment industry


44% of SMEs in the recruitment industry have begun preparations for the General Data Protection Regulation (GDPR), the Close Brothers Business Barometer reveals. Personal data should be managed in a safe and secure way. In an industry such as recruitment where data is collected, and trust and reputation are paramount, it is key to be fully prepared for the changes to come. There are several areas that SMEs should be particularly aware of before the regulation comes into use on 25 May 2018.

Right to be informed

Consent is required if you want to store any information on an individual, including their name and email address. Clients must know exactly what their details will be used for, and this knowledge should be presented transparently: in a concise manner, easy to understand, and free to access. You may need to update your terms of use or privacy policy to give a clearer picture of how you will use your clients’ data.

Additionally, these changes mean that if you want to send marketing emails about your company, you will need a positive opt-in to marketing communications for each specific channel. You cannot share data with third parties unless the individual has offered further consent to allow this. These consents must be documented, which could involve changes to how you gain and retain client information.

Right to access

Clients can request access to all the data you hold on them, and to information on how it is being processed. The access must be free, and provided without delay. To prepare for this change, it is important to audit the information you have on clients, where it is stored, and who you share it with. Companies should invest now in software that allows easy access to all of the personal data held on an individual, so that these requests can be answered in a timely fashion.

Right to be forgotten

Individuals can ask to be removed from your database in specific circumstances where there is no clear reason for a company to continue holding their information. Examples include when consent to marketing contact is withdrawn, or when their data is no longer needed for the reasons it was originally collected, such as finding a job or seeking an employee.

Personal data breach

A personal data breach is a break in security that results in unauthorised access to, loss of, or damage to an individual’s information stored by your company.

A breach must be reported within 72 hours to a supervisory authority. Customers should also be informed quickly if the breach is serious enough, for example if their identity could be at risk of theft. It is important to let customers know how the issue will affect them and how it will be resolved.

Financial penalties

Two in five SMEs in the recruitment industry are not aware of the implications if they fail to meet the standards set by the new regulation.

If your company breaks key GDPR rules, such as not obtaining the relevant consents or not clearly stating how the data will be used, it could be fined up to €20 million or 4% of global turnover, whichever is greater. However, smaller violations can still be fined at €10 million or 2% of global turnover.

The potential impacts of failing to meet the standards of the GDPR could greatly affect the trust and reputation of a recruitment business. Preparing now will ensure you are ready to comply with the new regulations and keep your business running smoothly.